Super Secure Bank

The Super Secure Bank is an application with many security issues. You have until April 22 to see what you can find.

NVD CVSS

  • Where in the application you found it (in the registration page, on the login page, while applying for a loan, ...)
  • The details of the exploit: what you typed in or clicked on, what you saw, what the application did, and so on. This may be lengthy, depending on what you find.
  • Your suggestions for remediation. You can't see the code, so all you can do is describe it in general.

    In the security world, these are called Problem/Vulnerability/Issue Reports and they are sometimes tens of pages long each. I don't expect to see that from you, but this is what you would expect to produce from a security audit.

    This is not a prescribed exercise. You need to use what you know and your technical expertise to find things that look to you like they might be security vulnerabilities. So as you go through the application, keep good notes about things that look like they might be of interest, and then go back and see what you might find. You are effectively creating a threat model: a list of potential threats that need investigation.

    Include your notes in the document you turn in. What I usually do is open a Word document while I get to know the application and I put in notes of things that I see. From that, I create the list of threats, and then I go back and try to find exploits.